Lucene search
K

125 matches found

EUVD
EUVD
added 2026/01/05 7:52 a.m.7 views

EUVD-2026-0820

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

4.8CVSS5.8AI score0.00327EPSS
Exploits0References5
OSV
OSV
added 2026/01/05 7:52 a.m.7 views

CVE-2025-15022 Cross-site scripting in Action caption

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...

4.8CVSS5.9AI score0.00327EPSS
Exploits0References8
Vaadin
Vaadin
added 2026/01/05 12:0 a.m.43 views

Cross-site scripting in Action caption

Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. See CWE-79 Improper Neutralization of Input During Web Page Generation Cross-site Scripting Description In Vaadin Framework 7 and 8...

4.8CVSS6AI score0.00327EPSS
Exploits0Affected Software4
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.8 views

PT-2026-1225

Name of the Vulnerable Software and Affected Versions Vaadin versions 7.0.0 through 7.7.49 Vaadin versions 8.0.0 through 8.29.1 Vaadin versions 23.1.0 through 23.6.5 Vaadin versions 24.0.0 through 24.8.13 Vaadin versions 24.9.0 through 24.9.6 Description The application allows HTML in action...

4.8CVSS5.9AI score0.00327EPSS
Exploits0References5
NVD
NVD
added 2025/11/18 10:15 a.m.6 views

CVE-2025-12691

The Photonic Gallery & Lightbox for Flickr, SmugMug & Others plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox functionality in all versions up to, and including, 3.21 due to insufficient input sanitization and output escaping on user supplied caption...

6.4CVSS0.00166EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-4429

Malware in sbrugna...

6.1CVSS6.3AI score0.00947EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-14512

Malware in sbrugna...

5.3CVSS7.6AI score0.02631EPSS
Exploits1References23
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-3507

Malicious code in bioql PyPI...

7.1CVSS8.7AI score0.00241EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-31818

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00232EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2025-16698

Malicious code in bioql PyPI...

6.1CVSS7AI score0.00212EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/10/02 3:50 a.m.8 views

CVE-2025-9075

The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...

6.4CVSS5.1AI score0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/01 3:25 a.m.10 views

CVE-2025-9075 ZoloBlocks – Gutenberg Block Editor Plugin with Advanced Blocks, Dynamic Content, Templates & Patterns <= 2.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting

The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input sanitization and output escaping on user-supplied attributes within multiple block components including Google...

6.4CVSS0.00232EPSS
Exploits0References7
NVD
NVD
added 2025/06/03 6:15 a.m.13 views

CVE-2025-3662

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...

6.1CVSS0.00212EPSS
Exploits1References1
CVE
CVE
added 2025/06/03 6:0 a.m.67 views

CVE-2025-3662

The CVE-2025-3662 entry concerns the WordPress FancyBox plugin (versions before 3.3.6). The root cause is that captions and titles attributes are not escaped before being used to populate galleries’ caption fields, enabling an Unauthenticated Stored XSS exploit. Affected product: FancyBox for Wor...

6.1CVSS5.9AI score0.00212EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/06/03 6:0 a.m.14 views

CVE-2025-3662 FancyBox for WordPress < 3.3.6 - Unauthenticated Stored XSS

The FancyBox for WordPress plugin before 3.3.6 does not escape captions and titles attributes before using them to populate galleries' caption fields. The issue was received as a Contributor+ Stored XSS, however one of our researcher Marc Montpas escalated it to an Unauthenticated Stored XSS...

0.00212EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:24 a.m.5 views

CVE-2023-52187

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions.This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0...

7.5CVSS7.8AI score0.00481EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/09 10:21 a.m.4 views

CVE-2025-25098

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captions: from n/a through = 1.2...

6.5CVSS7.2AI score0.0027EPSS
Exploits0References1
NVD
NVD
added 2025/02/07 10:15 a.m.10 views

CVE-2025-25098

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captions: from n/a through = 1.2...

6.5CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2025/02/07 10:11 a.m.46 views

CVE-2025-25098

CVE-2025-25098 applies to the WordPress plugin Links in Captions (versions n/a through 1.2). The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Affects the Links in Captions component; exploitation could enable an att...

6.5CVSS7.2AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/07 10:11 a.m.19 views

CVE-2025-25098 WordPress Links in Captions plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zack Katz Links in Captions links-in-captions allows Stored XSS.This issue affects Links in Captions: from n/a through = 1.2...

6.5CVSS0.0027EPSS
Exploits0References1
Rows per page
Query Builder